authorRichard Levitte <levitte@openssl.org>2020-01-07 11:49:08 +0100
committerRichard Levitte <levitte@openssl.org>2020-01-08 22:30:54 +0100
commite0d8523e801b7a1fcdda698f9c28dd7a0617cd02 (patch)
tree6e02db1b8e58c02ef1327b099f557969d2d32bdd /crypto/evp/m_sigver.c
parentnmake: fix install_html_docs target (diff)
EVP: If a key can't be exported to provider, fallback to legacy
Currently, operations that try to export a legacy key to a provider fail outright if the export fails. It makes more sense to simply use the legacy method instead, as a fallback for things not being implemented (yet) in a provider. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10771)
Diffstat (limited to 'crypto/evp/m_sigver.c')
-rw-r--r--crypto/evp/m_sigver.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 7a21f680b9..9d12e9b96a 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -104,6 +104,12 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
locpctx->op.sig.signature = signature;
+ provkey =
+ evp_keymgmt_export_to_provider(locpctx->pkey, locpctx->keymgmt, 0);
+ /* If export failed, legacy may be able to pick it up */
+ if (provkey == NULL)
+ goto legacy;
+
locpctx->operation = ver ? EVP_PKEY_OP_VERIFYCTX
: EVP_PKEY_OP_SIGNCTX;
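Review bot: The new `if (provkey == NULL) goto legacy;` treats every export failure alike, so a key the provider refused or an allocation failure is handled the same way as a key type the provider simply does not implement yet, and the operation continues on the legacy method with no trace. Where the provider is the policy boundary (a validated module, for example) this is a silent downgrade, so the comment should name the expected case, e.g. `/* Expected when the provider lacks this key type; any other export failure also falls back to legacy */`. If the export can queue errors, they would stay on the error stack after a successful fallback; `ERR_set_mark();` before the call and `ERR_pop_to_mark();` before the `goto` would avoid that. `locpctx->op.sig.signature`, assigned on the context line above, is still set when the legacy path runs, and do_sigver_init starts and ends outside this hunk, so whether that mixed state is cleaned up is not visible here.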
@@ -113,13 +119,6 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
goto err;
}
- provkey =
- evp_keymgmt_export_to_provider(locpctx->pkey, locpctx->keymgmt, 0);
- if (provkey == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- goto err;
- }
-
if (type != NULL) {
ctx->reqdigest = type;
} else {
@@ -156,6 +155,11 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
return 0;
legacy:
+ if (ctx->pctx->pmeth == NULL) {
+ EVPerr(0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ return -2;
+ }
+
if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
if (type == NULL) {
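Review bot: The added `return -2;` gives do_sigver_init a negative failure value next to the `return 0;` just before the `legacy:` label, so any caller that tests the result with `!ret` or `== 0` would read an unsupported key type as a successful init. Callers are not visible in this diff; unless the public wrappers are documented to return negative values, `return 0;` here keeps the failure contract uniform. The hunk also reports through `EVPerr(0, ...)` while the provider path in the same function uses `ERR_raise(ERR_LIB_EVP, ...)`; `ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);` would match it. The function body continues outside the hunk.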